U.S. Accuses China of Hacking Aerospace, Tech Companies

Chinese intelligence officers recruited hackers and insiders to help them steal sensitive information from aerospace and technology companies, the U.S. Department of Justice said on Tuesday.

An indictment unsealed this week charges ten Chinese nationals over their role in the scheme, including two spies, six hackers and two insiders.

According to U.S. authorities, the operation was coordinated by Zha Rong and Chai Meng, intelligence officers working for the Jiangsu Province Ministry of State Security (JSSD) in the Chinese city of Nanjing. The JSSD is a foreign intelligence arm of China’s Ministry of State Security (MSS), which is responsible for non-military foreign intelligence, domestic counterintelligence, and political and domestic security.

Zha Rong and Chai Meng are said to have recruited five hackers, including Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, to steal information on a turbofan engine used in commercial airliners in Europe and the United States.

The targeted jet engine was being developed by a French aerospace company, which also had offices in China’s Jiangsu province, in cooperation with a U.S.-based firm.

The hackers targeted the French company via phishing, watering hole attacks, and domain hijacking, but they were also assisted by at least two individuals working at the firm’s Chinese office. Tian Xi allegedly planted a piece of malware received from a JSSD officer on the organization’s computers, and Gu Gen, who had been working as the head of IT and security, tipped off the Chinese agency when foreign law enforcement discovered the malware.

In addition to the French aerospace manufacturer, the hackers targeted companies that built parts of the jet engine, including ones based in Massachusetts, Oregon and Arizona. Authorities pointed out that at the time of the attacks, which spanned from at least January 2010 to May 2015, an aerospace company owned by the Chinese government had also been working on a similar engine.

One of the alleged hackers, Zhang Zhang-Gui, has also been accused of working with an individual named Li Xiao as part of a separate hacking operation conducted “for their own criminal ends.” The Justice Department said one of the victims of this attack was a tech company in San Diego from which the hackers attempted to steal commercial information and use its website for a watering hole attack.

The first cyberattack known to U.S. authorities targeted Los Angeles-based Capstone Turbine. The attackers attempted to steal data from the company and use its website as a watering hole.

This is the third round of charges brought against JSSD spies since September. One JSSD officer was extradited to the United States for attempting to steal trade secrets related to jet engines and a U.S. Army recruit was indicted in September for working with a JSSD intelligence officer. None of the individuals targeted in the newly unsealed indictment are in U.S. custody.

“State-sponsored hacking is a direct threat to our national security. This action is yet another example of criminal efforts by the MSS to facilitate the theft of private data for China’s commercial gain,” said U.S. Attorney Adam Braverman. “The concerted effort to steal, rather than simply purchase, commercially available products should offend every company that invests talent, energy, and shareholder money into the development of products.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.